Defending against side-channel attacks - Part I

Editor's Note: This article was originally presented at ESC Boston 2011.

Part One of this three-part series provides a brief introduction to side-channel analysis, including timing analysis and simple and differential power analysis (SPA and DPA).

1. Introduction

Cryptography is a fundamental building block for securing systems and communications and is widely deployed in embedded systems used for commercial and defense applications. Basic cryptographic operations such as encryption/decryption, message authentication and digital signatures rely on secret keys that must be kept securely within a device and protected from disclosure. Modern cryptographic algorithms, when used with appropriate-sized keys, are designed to resist all known attacks where the attacker can observe (or manipulate) the inputs or outputs of the algorithm, but does not have any other information about the secret key or about the execution of the algorithm.

In practice, however, an attacker who has access to a device that is performing a cryptographic operation can easily obtain additional information about the operation, beyond just the inputs and outputs. For example, even a remote attacker can obtain a (noisy) estimate of the time taken to perform cryptographic operations. An attacker who is physically close to the device could also measure the power consumed by the device or its EM emissions while it is performing the operation. These additional sources of information about cryptographic operations are known as side-channels, and in the mid-1990s Kocher et al. [1,4] showed that side-channels such as timing and power consumption contained enough information to easily extract the secret key from naïve implementations of all cryptographic algorithms. They also proposed several fundamental techniques for protecting cryptographic implementations from such attacks.
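To make the idea of a leaking naïve implementation concrete, the following added example (not code from the article or from CRI) compares a textbook square-and-multiply modular exponentiation with a Montgomery ladder, a well-known countermeasure that the article itself does not name. The function names, the 32-bit exponent size, the modulus and the sample exponents are assumptions chosen for illustration, and the multiplication counter is only a model of what a timing or power measurement would reflect.

```c
#include <stdint.h>
#include <stdio.h>

/* Result plus a count of modular multiplications. The count is a stand-in
   for what an observer measures as execution time or power activity. */
typedef struct { uint64_t result; unsigned mults; } modexp_out;

/* Assumes a, b < m < 2^32 so the product fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Naive square-and-multiply: the extra multiply runs only for 1 bits,
   so the operation count reveals the Hamming weight of the exponent. */
modexp_out modexp_naive(uint64_t base, uint32_t exp, uint64_t m) {
    modexp_out o = { 1 % m, 0 };
    base %= m;
    for (int i = 31; i >= 0; i--) {
        o.result = mulmod(o.result, o.result, m); o.mults++;
        if ((exp >> i) & 1) { o.result = mulmod(o.result, base, m); o.mults++; }
    }
    return o;
}

/* Montgomery ladder with a masked swap: one multiply and one square per
   bit, with no branch on the exponent. */
modexp_out modexp_ladder(uint64_t base, uint32_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m, t;
    modexp_out o = { 0, 0 };
    for (int i = 31; i >= 0; i--) {
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1);  /* all ones if bit set */
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;          /* swap when bit is 1 */
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        o.mults += 2;
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;          /* swap back */
    }
    o.result = r0;
    return o;
}

int main(void) {
    const uint32_t keys[] = { 0x80000001u, 0xFFFFFFFFu };  /* constructed exponents */
    for (int k = 0; k < 2; k++) {
        modexp_out a = modexp_naive(7, keys[k], 1000003);
        modexp_out b = modexp_ladder(7, keys[k], 1000003);
        printf("exp=%08x naive=%u mults ladder=%u mults same_result=%d\n",
               (unsigned)keys[k], a.mults, b.mults, a.result == b.result);
    }
    return 0;
}
```

The ladder only equalises the sequence of operations; on real hardware the modular reduction itself must also run in constant time, and a fixed operation sequence does not by itself address data-dependent power variation.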

Subsequently, substantial R&D activity has been directed towards understanding side-channel attacks and implementing defenses. Many industry and government standards, as well as security certifications, now require tamper-resistant devices to defend against side-channel attacks. Non-invasive side-channel attacks such as timing attacks, and simple and differential power analysis (SPA and DPA), should be addressed by all systems that require any significant degree of tamper resistance, since these attacks can be carried out by attackers with modest skill and resources, and timing and power measurements can be collected easily.

This paper provides a brief introduction to side-channel analysis, including timing analysis and simple and differential power analysis (SPA and DPA). It then discusses CRI's recent side-channel analysis of popular mobile devices, in which cryptographic keys are extracted from the devices using EM emissions from the processor as it performs certain cryptographic calculations. (These are unintended emissions from the devices, and not related to the emissions from the devices' ordinary communications channels.) Also, we propose a new suite of standardized tests intended to help analysts look for potential problems in their devices. These tests have been designed to enable consistent testing by validation labs, as well as help developers find problems in their devices without the need for custom tests.